The present invention relates to techniques in a public key infrastructure (hereinbelow, termed “PKI”), well suited for authenticating the validity of a public key certificate in order to validate the signature of an electronic procedure received by a certain terminal.
In various organizations and parties, both private and public, PKIs have been introduced and made ready for use in order to convert to electronic form the many procedures that were previously handled on paper.
FIG. 12 shows an example of the relationship among a plurality of certificate authorities (hereinbelow, termed “CAs”) which exist in a PKI.
As shown in the figure, the CAs, each of which issues and manages public key certificates, form a group having a tree structure whose apex is the root certificate authority CA1. This group is called a “security domain”, and it is the PKI unit operated under one policy management organ. The root certificate authority CA1 issues public key certificates to the certificate authorities CA21-CA2n located directly downstream of itself. In turn, each of the certificate authorities CA21-CA2n issues public key certificates to the certificate authorities CA31-CA3n1 located directly downstream of itself. In this manner, each certificate authority located directly upstream in the tree issues public key certificates to the CAs located directly downstream of itself. Further, each of the CAs located furthest downstream in the tree (hereinbelow, called “end-entity certificate issuing CAs”) CAS1-CASnm issues public key certificates to the users taking electronic procedures (hereinbelow, called “end entities: EE”) EE1-EEx.
The legality of a secret key (signature key) which each of the apparatuses EE1-EEx uses in generating the signature of an electronic document is certified by the public key certificate issued by that one of the terminal admitting certificate authorities CAS1-CASnm which admits the pertinent apparatus itself. In turn, the legality of the secret key which each of the terminal admitting certificate authorities CAS1-CASnm uses in generating the signature of an issued public key certificate is certified by the public key certificate issued by that one of the certificate authorities CA(S-1)1-CA(S-1)n(m-1) which admits the pertinent terminal admitting certificate authority itself. Accordingly, the secret key which each of the apparatuses EE1-EEx uses in generating its signature is finally certified by the public key certificate issued by the root certificate authority CA1. The certificate authority which finally certifies the legalities of the keys used by the apparatuses EE1-EEx in generating their signatures, in other words, the certificate authority which is trusted by the apparatuses EE1-EEx and which is located furthest upstream in the tree, is called the “trust anchor CA”.
Referring now to FIG. 12, the apparatus EE1 affixes a signature to an electronic document which is to be transmitted to the apparatus EEx, by using the secret key held by the apparatus EE1 itself. In addition, the apparatus EE1 attaches to the signed electronic document the public key certificate of EE1 which is paired with the above secret key and which has been issued by the terminal admitting certificate authority CAS1, and it transmits the document and the certificate to the apparatus EEx.
The apparatus EEx can validate the signature of the electronic document received from the apparatus EE1 by employing the public key certificate of the apparatus EE1 attached to this electronic document. Since, however, the public key certificate of the apparatus EE1 is not one issued by the certificate authority CASnm which issues certificates for the apparatus EEx, the apparatus EEx cannot immediately trust the pertinent public key certificate unless it authenticates that the validity of the pertinent public key certificate is certified by the root certificate authority CA1, which is the trust anchor of the apparatus EEx itself. The validity authentication process for the public key certificate here is executed by the following steps:
(1) Search for a path from the trust anchor CA to the certificate authority CA which is the issue origin of the public key certificate. With a trust anchor CA (here, the root certificate authority CA1) set as the start CA, the issue destinations of the public key certificates issued by the start CA are inspected; if any downstream CAs are included among the inspected issue destinations, the issue destinations of the public key certificates issued by those downstream CAs are inspected in turn. This processing is continued until a CA issuing an EE certificate (here, the certificate authority CAS1 issuing the public key certificate of the end entity EE1) is included among the inspected issue destinations. Thus, a path from the trust anchor CA to the EE certificate issuing CA is searched for.
(2) Validation of the path searched for. The public key certificates issued from the individual CAs located on the path searched for in step (1) to the CAs located directly downstream of them on the path are obtained. Then the signature of the pertinent public key certificate whose validity is to be authenticated (here, the public key certificate issued to the end entity EE1 by the EE-certificate issuing certificate authority CAS1) is validated in the light of the public key certificate issued by the CA located directly upstream of the CA having issued the pertinent public key certificate (here, the EE-certificate issuing certificate authority CAS1). If that signature has been verified, the signature of the public key certificate issued by the CA located directly upstream is validated in the light of the public key certificate issued by the CA located still further upstream. This processing is continued until the upstream CA reaches the trust anchor. In a case where the signatures have been verified up to the trust anchor in due course, the validity of the public key certificate whose validity is to be authenticated has been authenticated.
The apparatus EEx can authenticate the legality of the electronic document received from the apparatus EE1 in such a way that the signature of the electronic document is verified using the public key certificate of the apparatus EE1 attached to the electronic document, and that the validity of the public key certificate of the apparatus EE1 used for validating the signature of the electronic document is authenticated in accordance with the steps (1) and (2) stated above.
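Steps (1) and (2) above, as an added Python example that is not part of the patent text: a constructed tree mirroring FIG. 12 (CA1 above CA21 above CAS1, which issues the certificate of EE1), a downstream breadth-first search from the trust anchor to the EE-certificate issuing CA, and the signature validation carried upward until the trust anchor's key is reached. The toy textbook-RSA signature scheme over small fixed primes, the certificate record layout and all names are assumptions made for this illustration.

```python
import hashlib
from collections import deque

# Toy textbook RSA over fixed small primes: a stand-in for the real signature
# algorithm so the example runs offline (constructed for illustration only).
def toy_keypair(p, q, e=65537): return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)
def _digest(msg, n): return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg): return pow(_digest(msg, priv[1]), priv[0], priv[1])
def verify(pub, msg, sig): return pow(sig, pub[0], pub[1]) == _digest(msg, pub[1])

def issue(issuer, issuer_priv, subject, subject_pub):  # issuer signs subject's key
    tbs = f"{issuer}|{subject}|{subject_pub}".encode()
    return {"issuer": issuer, "subject": subject, "pub": subject_pub,
            "tbs": tbs, "sig": sign(issuer_priv, tbs)}

def search_path(ca_certs, trust_anchor, ee_issuer):
    # Step (1): from the trust anchor, follow issued CA certificates downstream
    # (breadth-first) until the EE-certificate issuing CA is reached.
    queue = deque([[trust_anchor]])
    while queue:
        path = queue.popleft()
        if path[-1] == ee_issuer:
            return path
        queue.extend(path + [c["subject"]] for c in ca_certs
                     if c["issuer"] == path[-1] and c["subject"] not in path)
    return None

def validate_path(ca_certs, path, anchor_pub, ee_cert):
    # Step (2): verify the EE certificate with its issuer's key, then each CA
    # certificate with the CA directly upstream, up to the trust anchor's key.
    by_subject = {c["subject"]: c for c in ca_certs}
    cert = ee_cert
    for ca in reversed(path):                         # CAS1, CA21, CA1
        issuer_pub = anchor_pub if ca == path[0] else by_subject[ca]["pub"]
        if cert["issuer"] != ca or not verify(issuer_pub, cert["tbs"], cert["sig"]):
            return False
        if ca == path[0]:
            return True                               # verified up to the anchor
        cert = by_subject[ca]
    return False

# Constructed hierarchy mirroring FIG. 12: CA1 -> CA21 -> CAS1 -> EE1.
PRIMES = [(10007, 10009), (10037, 10039), (10061, 10067), (10069, 10079)]
KEYS = {n: toy_keypair(p, q) for n, (p, q) in zip(["CA1", "CA21", "CAS1", "EE1"], PRIMES)}
CA_CERTS = [issue("CA1", KEYS["CA1"][1], "CA21", KEYS["CA21"][0]),
            issue("CA21", KEYS["CA21"][1], "CAS1", KEYS["CAS1"][0])]
EE1_CERT = issue("CAS1", KEYS["CAS1"][1], "EE1", KEYS["EE1"][0])

def authenticate(ee_cert, trust_anchor="CA1"):       # steps (1) and (2) together
    path = search_path(CA_CERTS, trust_anchor, ee_cert["issuer"])
    return path is not None and validate_path(CA_CERTS, path, KEYS[trust_anchor][0], ee_cert)
```

A certificate whose issuer is unreachable from the trust anchor fails in step (1), and one whose signed content has been altered fails in step (2); any CA on the tree can serve as the trust anchor, as the second assertion of the accompanying checks shows.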
Incidentally, it is premised in the foregoing that the process for authenticating the validity of the public key certificate is executed in the EE apparatus. However, the public-key certificate validity authentication process imposes a heavy processing load, and a high processing capability is required of the EE apparatus to execute it. It has therefore been proposed by the IETF (Internet Engineering Task Force), the body which stipulates the standardization of various technologies on the Internet, that an authority for authenticating the validity of a certificate (hereinbelow, termed “validation authority: VA”), connected to the EE apparatuses through a network, be provided so as to authenticate the validity of the public key certificate instead of the EE apparatus. In the case where the validity of the public key certificate is authenticated in the VA apparatus, the EE apparatus first sends the VA apparatus a request for authenticating the validity of the public key certificate. Subsequently, the VA apparatus executes the process of the above steps (1) and (2). Finally, it sends the EE apparatus the result of the process.
On this occasion, methods for shortening the time that elapses between the EE apparatus's request for public-key certificate validity authentication and the receipt of the result are as stated below.
In one method, the VA apparatus periodically searches for paths and registers them in a path database beforehand. In a case where a certain EE apparatus has made a request for public-key certificate validity authentication, the path database of the VA apparatus is searched for a corresponding path, and the path found is verified, whereby the validity of the public key certificate is authenticated (refer to, for example, U.S. Pat. No. 6,134,550, hereinafter Patent Document 1).
In another method, the VA apparatus periodically searches for all paths and verifies them beforehand. Only the paths whose validation has succeeded (valid paths) are registered in a path database. In a case where a certain EE apparatus has made a request for public-key certificate validity authentication, it is checked whether or not a corresponding path is registered in the path database of the VA apparatus, whereby the validity of the public key certificate is authenticated (refer to, for example, U.S. Patent Published Application No. 20020046340, hereinafter Patent Document 2).